1

Topic: Edit group entries of large amount of users (LDAP)

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.0
- Linux/BSD distribution name and version: Ubuntu 14.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

I've set up an email server using iRedMail on our schools server. Importing the users with the create_mail_user_OpenLDAP.py skript worked flawless. I've added the users into different goups (students, teachers). It would be great if it would be possible to add a large amount of users to subgroups (for example classes). But as typical in schools users are often changing groups/classes/courses and so on.
Is there an easy way to add a large group of existing users to groups and to move them from one group to another?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Edit group entries of large amount of users (LDAP)

alex42 wrote:

It would be great if it would be possible to add a large amount of users to subgroups (for example classes).

What do you mean sub-groups? User can be assigned to multiple groups, for example, assign one user to group "students", "grade_2", "course_abc", etc. is it enough for you?

alex42 wrote:

Is there an easy way to add a large group of existing users to groups and to move them from one group to another?

We don't have such script (in iRedMail) or feature (in iRedAdmin-Pro), but it's a good idea. I will give it a try NOW, could you help test it?

3

Re: Edit group entries of large amount of users (LDAP)

ZhangHuangbin wrote:
alex42 wrote:

It would be great if it would be possible to add a large amount of users to subgroups (for example classes).

What do you mean sub-groups? User can be assigned to multiple groups, for example, assign one user to group "students", "grade_2", "course_abc", etc. is it enough for you?

Yes thats what I meant.

ZhangHuangbin wrote:
alex42 wrote:

Is there an easy way to add a large group of existing users to groups and to move them from one group to another?

We don't have such script (in iRedMail) or feature (in iRedAdmin-Pro), but it's a good idea. I will give it a try NOW, could you help test it?

Would be really great to have such a script!

4

Re: Edit group entries of large amount of users (LDAP)

alex42 wrote:

Yes thats what I meant.

As mentioned in our document, this is supported:
http://www.iredmail.org/docs/ldap.bulk. … users.html

Sample: assign user to 2 groups: group1, group2.

mydomain.com, user1, plain_password, John Smith, 104857600, group1:group2
alex42 wrote:

Would be really great to have such a script!

Finished. I will do some basic test on my local machine and come back to you later. Stay tuned.

5

Re: Edit group entries of large amount of users (LDAP)

Try this new script:

*) Download this file:
https://bitbucket.org/zhb/iredmail/raw/ … r_group.py

*) Edit this file and set correct LDAP server address, LDAP suffix, bind dn and password.
*) Run it without arguments will give you help message:

Usage:

$ python ldap_move_members_to_another_group.py [options] old_group@domain.com [new_group@domain.com new_group_2@domain.com ...]

If no new group specified, this script will remove all members (just remove
membership, not remove mail accounts) of old group.

Available optional options:

    --copy Assign members of old group to new groups without removing
           membership of old group. That means user will be member of both
           old and new groups.
           If not --copy specified, user will be not member of old group.

6

Re: Edit group entries of large amount of users (LDAP)

Wow, cool!
For my use case it would be better if I could use a user list within I could define new groups for chosen user. For example:

user1@example.com; group1, group2, group3
user2@example.com; group3
user3@example.com; group2

Is it possible for you to realize this as well?

7

Re: Edit group entries of large amount of users (LDAP)

New script for this purpose.

*) Download this file:
https://bitbucket.org/zhb/iredmail/raw/ … _groups.py

*) Edit this file and set correct LDAP server address, LDAP suffix, bind dn and password.
*) Run it without arguments will give you help message:

Usage:

$ python ldap_assign_user_to_groups.py [options] user@domain.com new_group@domain.com [new_group_2@domain.com ...]

Note: Non-existing group will be ignored.

Optional arguments:

    --remove Remove memberships. If no mailing list specified, it will remove
             ALL assigned mailing lists.

Samples:

*) Remove all memberships:
    python ldap_assign_user_to_groups.py --remove user@domain.com

*) Remove memberships of specified mailing lists:
    python ldap_assign_user_to_groups.py --remove user@domain.com group1@domain.com group2@domain.com

*) Assign user to new mailing lists:
    python ldap_assign_user_to_groups.py user@domain.com group1@domain.com group2@domain.com

8

Re: Edit group entries of large amount of users (LDAP)

The script is working great! Thanks a lot for this!

Using the script I've discovered a bug (or isn't it a bug). I've added the users using the create_mail_user_OpenLDAP.py script. When I'm having a look in the user entry I can see the defined memberOfGroup entries. But under groups these groups don't appear, so I can't add users to them using your new script.

9 (edited by alex42 2015-10-15 06:08:45)

Re: Edit group entries of large amount of users (LDAP)

Wrote a little Script ot add large amounts of users to groups

{ while IFS=';' read  u1 g1 ; do    python ldap_assign_user_to_groups.py "$u1" "$g1"
 done ; } < groupadd.csv

My groupadd.csv contains entries like these:

user1@example.com;group1@example.com
user2@example.com;group1@example.com

10

Re: Edit group entries of large amount of users (LDAP)

With create_mail_user_OpenLDAP.py, you'd better create these mail groups first. if they don't exist, the script will create the membership without problem, but you need to create the mail groups.

11

Re: Edit group entries of large amount of users (LDAP)

Is it possible to make the groups (created with create_mail_user_OpenLDAP.py) visible in the LDAP tree under groups in Phpldapadmin? Can I just create them again with Phpldapadmin?

12

Re: Edit group entries of large amount of users (LDAP)

Sorry, no plan for this. Of course you're free to do it yourself. smile

13 (edited by alex42 2015-10-16 01:44:13)

Re: Edit group entries of large amount of users (LDAP)

Your scripts are already great. But would be really great if you could add the ability to create groups out of the second script or maybe a third script which creates groups?

Today I had to add manually more than hundred groups in phpldapadmin and sadly I haven't got the ability to write such a script :-(